What kind of attack surface is there for a site that hosts only static content: HTML, images, CSS? How can sites like this be successfully penetrated?
Even when there are no vulnerable web applications, there is still plenty of other code that could be vulnerable.
Static pages are still susceptible to fragment attacks:
The technique to avoid sending the payload to the server hinges on the fact that URI fragments (the part in the URI after the “#”) are not sent to the server by the browser. Thus, any client side code that references, say, document.location, may be vulnerable to an attack which uses fragments, and in such case the payload is never sent to the server. For example, the above DOM based XSS can be modified into:
http://www.some.site/page.html#default=<script>alert(document.cookie)</script>
which mounts the same attack without it being seen by the server (which will simply see a request for page.html without any URL parameters).
In December 2006, Stefano Di Paola and Giorgio Fedon described a universal XSS attack against the Acrobat PDF plugin ([4]). This attack applied the fragment variant of DOM based XSS to PDF documents. The researchers discovered that a PDF document served to the browser, when rendered by the Acrobat plugin, may end up executing part of the fragment as Javascript. Since the Javascript is executed in the context (DOM) of the current site, all an attacker needed to exploit this flaw was to simply find a PDF link somewhere on the site for the XSS condition to be met.
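The following is an added example, not part of the quoted article or of the answer. It shows why the server log gives no signal for the fragment variant, and sets the vulnerable concatenation beside a hardened form. The function names, the `<option>` markup and the allow-list of values are assumptions made for illustration.

```javascript
// Added example. Names, markup and allow-list are assumptions, not from the page.

// What the web server receives and logs: everything before '#'.
function requestSeenByServer(url) {
  const i = url.indexOf('#');
  return i < 0 ? url : url.slice(0, i);
}

// What client-side code reading document.location can recover from the fragment.
function fragmentParam(url, name) {
  const i = url.indexOf('#');
  if (i < 0) return null;
  for (const pair of url.slice(i + 1).split('&')) {
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq) === name) {
      try { return decodeURIComponent(pair.slice(eq + 1)); }
      catch (e) { return null; } // malformed percent-encoding
    }
  }
  return null;
}

// Vulnerable pattern: fragment text concatenated into markup
// (the string a page would hand to document.write or innerHTML).
function renderUnsafe(value) {
  return '<option value="1">' + value + '</option>';
}

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// Hardened pattern: accept only expected values, and still escape on output.
const ALLOWED = new Set(['English', 'French', 'Italian']); // assumed allow-list
function renderSafe(value) {
  const v = value !== null && ALLOWED.has(value) ? value : 'English';
  return '<option value="1">' + escapeHtml(v) + '</option>';
}

// URL taken from the quoted text above.
const SAMPLE_URL = 'http://www.some.site/page.html#default=<script>alert(document.cookie)</script>';
console.log('server sees :', requestSeenByServer(SAMPLE_URL));
console.log('unsafe      :', renderUnsafe(fragmentParam(SAMPLE_URL, 'default')));
console.log('hardened    :', renderSafe(fragmentParam(SAMPLE_URL, 'default')));
```

In a real page the hardened path would assign the value through `textContent` or `createTextNode` rather than building markup strings; because the server never sees the fragment, the fix has to live in the client-side code itself.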